USN-7875-1: Linux kernel (Oracle) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

Improper Certificate Validation

org.opensearch.dataprepper.plugins:geoip-processor is vulnerable to Improper Certificate Validation. The vulnerability is due to the use of deprecated "SSL" when creating SSL contexts, which allows an attacker to potentially force negotiation of outdated and insecure SSL protocols, increasing the...

Beyond Fixed and Dynamic Prompts: Embedded Jailbreak Templates for Advancing LLM Security

As the use of large language models LLMs continues to expand, ensuring their safety and robustness has become a critical challenge. In particular, jailbreak attacks that bypass built-in safety mechanisms are increasingly recognized as a tangible threat across industries, driving the need for...

Siemens RUGGEDCOM ROX, SIMATIC S7-1500 Improper Authentication (CVE-2022-22576)

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocol...

Siemens SIMATIC S7-1500 Improper Validation of Certificate with Host Mismatch (CVE-2024-2466)

libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2024-2004)

When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been...

OESA-2025-2644 mysql security update

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. %if Security Fixes:...

OESA-2025-2637 python3 security update

Security Fixes: CPython 3.9 and earlier doesn't disallow configuring an empty list "" for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity d...

OESA-2025-2638 python3 security update

Security Fixes: CPython 3.9 and earlier doesn't disallow configuring an empty list "" for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity d...

BIT-GOLANG-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

Cross Site Scripting (XSS)

@meshconnect/web-link-sdk is vulnerable to cross-site scripting XSS. The vulnerability is due to the lack of sanitization of URL protocols in the createLink.openLink function, which allows an attacker to execute arbitrary JavaScript code in the parent page context and access its DOM, storage,...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988922)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988922 advisory. In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Fix list protocols enumeration in the base protocol While enumerating protocol...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989869)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989869 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Check for any of tcpbpfprots when cloning a listener A listening socket linked to a...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989114)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989114 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Check for any of tcpbpfprots when cloning a listener A listening socket linked to a...

mysql: mariadb: High Privilege Denial of Service Vulnerability in MySQL Server (CPU Jan 2025)

A flaw was found in the MySQL Server component: InnoDB. This vulnerability allows a high-privileged attacker to cause a denial of service, which causes frequent crashes or hangs, via multiple network protocols...

mysql: mariadb: High Privilege Denial of Service Vulnerability in MySQL Server (CPU Jan 2025)

A flaw was found in the MySQL Server component: InnoDB. This vulnerability allows a high-privileged attacker to cause a denial of service, which causes frequent crashes or hangs, via multiple network protocols...

CVE-2025-53044

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

[SECURITY] Fedora 43 Update: squid-7.2-1.fc43

Squid is a high-performance proxy caching server for Web clients, supporting FTP and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups...

Amazon Linux 2023 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2023-2025-1244)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1244 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Ja...